PT-2023-19700 · Open Xchange · Ox App Suite

Tim Coen

Publicado

2023-05-29

Atualizado

2025-01-14

CVE-2023-24598

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OX App Suite versions prior to 7.10.6-rev37

Description The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user.

Recommendations For versions prior to 7.10.6-rev37, update to version 7.10.6-rev37 or later to resolve the issue. As a temporary workaround, consider restricting access to distribution lists to minimize the risk of private contact disclosure.

Correção

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203

Identificadores relacionados

CVE-2023-24598

Produtos afetados

Ox App Suite

PT-2023-19700 · Open Xchange · Ox App Suite

CVE-2023-24598

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6